Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable descriptions for statement nodes #194

Closed
Ana06 opened this issue Jul 24, 2020 · 2 comments · Fixed by #209
Closed

Enable descriptions for statement nodes #194

Ana06 opened this issue Jul 24, 2020 · 2 comments · Fixed by #209
Assignees
@Ana06
Labels
enhancement New feature or request
Milestone
v1.1.0

Comments

@Ana06
Copy link
Member

Ana06 commented Jul 24, 2020

Summary

Enable descriptions for statement nodes such as and and or.

For example:

- or:
  - string: Environment
  - string: windir
  - match: set registry value
description: Modify %windir% environment variable

Motivation

@re-fox has provided a use of case in: mandiant/capa-rules/pull/51

Additional context

We need to come up with a way to render this in the -vv output. Suggestions:

1 - Inline as a comment
- or: # Modify %windir% environment variable
  - string: Environment @ 0x401213
  - string: windir @ 0x40121A
2 - Inline with the already existent description symbol
- or: = Modify %windir% environment variable
  - string: Environment @ 0x401213
  - string: windir @ 0x40121A
3 - Not in line
- or:
  - string: Environment @ 0x401213
  - string: windir @ 0x40121A
description: Modify %windir% environment variable

I like option 2. What do you think? Any other ideas?

This also need to be added in capa explorer.
@Ana06 Ana06 added the enhancement New feature or request label Jul 24, 2020
@Ana06 Ana06 self-assigned this Jul 24, 2020
@Ana06 Ana06 mentioned this issue Jul 24, 2020
Merged
@williballenthin
Copy link
Collaborator

yeah, i'm leaning towards 2 for consistency and keeping a dense representation of the information.

@williballenthin
Copy link
Collaborator

we'll need to add support in the json document, too

@Ana06 Ana06 mentioned this issue Jul 27, 2020
Merged
@williballenthin williballenthin added this to the v1.1.0 milestone Aug 4, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Ana06 Ana06

Labels
enhancement New feature or request
Projects
None yet
Milestone
v1.1.0
Development

Successfully merging a pull request may close this issue.

Enable descriptions for statement nodes
2 participants
@williballenthin @Ana06